403Bypasser is a simple plugin that lets you bypass 403 status code by transforming HTTP requests with custom templates.

A fast, minimalistic scanner for time-based SQL injection (SQLi) detection – built in Go.

CHAOS - Recon data for Public Bug Bounty Programs | Stopped the action for some updates

SubOwner - A Simple tool check for subdomain takeovers.

Complete Solution for VAPT/AppSec and Pentesting Guide: Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting | SAST | DAST etc...

Some bug bounty functions in one

A container repository for my public web hacks!

R3C0Nizer is the first ever CLI based menu-driven web application B-Tier recon framework.

⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀

Unwaf is a Go tool designed to help identify WAF bypasses using passive techniques. It automates the process of discovering the real origin IP behind a WAF/CDN by combining multiple discovery metho…

Tools and Techniques for Red Team / Penetration Testing

Payload for bug bounty

Powerfull Automatic Sql injection Tools Pack

hauditor is a tool designed to analyze the security headers returned by a web page.

autovpn is a tool for bug hunters to proxify their system, while running their automation tool. prevent the troubles that arises from their IP address being blocked.

reverse engineered and improved BSQLi script from Coffinxp

SpideyX a multipurpose Web Penetration Testing tool with asynchronous concurrent performance with multiple mode and configurations.

Automation tool to testing and confirm the xss vulnerability.

Get PROXY List that gets updated everyday

Awesome Vulnerable Applications

The recursive internet scanner for hackers. 🧡

🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.

A security research site.

DarkAngel 是一款全自动白帽漏洞扫描器，从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL截屏、消息通知。

This repo contain Myanmar Pentster Community web-hacking class resources and published with education purpose.